IBM Support

HPDRG0201E Error code 0x71 after ITAM 6.0 Fixpack upgrade

Technote (troubleshooting)


Problem (Abstract)

After upgrading to Fixpack 23 or above, WebSEAL fails to start with this error:

2012-05-01-11:35:31.468-05:00I----- 0x16B480C9 webseald ERROR rgy ira ira_handle.c 430 0x00000001
HPDRG0201E Error code 0x71 was received from the LDAP server. Error text: "SSL initialization call failed".

Cause

APAR IZ50239
Symptom: WEBSEAL process inherits root user group membership

Environment

Unix

Diagnosing the problem

The KDB and STH files used for SSL to LDAP were owned by root, which is a security vulnerability.

Resolving the problem

No files should be owned by root. However, a bug that allowed WebSEAL to read files owned by root was discovered and fixed in Fixpack 23 for Access Manager 6.0. After the upgrade, the KDB and STH files, which had ownership root:system, caused WebSEAL not to start.



In this case, the files' ownership was changed to ivmgr:ivmgr, which solved the issue.
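The ownership check described above can be run before restarting WebSEAL. The script below is an added example, not IBM-supplied code: the function names and the file paths passed to it are assumptions, and ivmgr:ivmgr is used as the expected owner only because this technote names it.

```shell
#!/bin/sh
# Added example: report key database (.kdb) and stash (.sth) files whose
# owner:group differs from the account WebSEAL runs as.
# Assumption: ivmgr:ivmgr is the expected owner, as in this technote.
# The file paths are supplied by the caller; none are taken from the page.

# Print "owner:group" for a path. ls is used instead of stat(1) because
# stat options differ between AIX, Solaris and Linux.
owner_of() {
    ls -ld -- "$1" 2>/dev/null | awk '{ print $3 ":" $4 }'
}

# check_keyfiles EXPECTED FILE...
# Returns 0 when every file exists and is owned by EXPECTED, else 1.
check_keyfiles() {
    expected=$1
    shift
    rc=0
    for f in "$@"; do
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            rc=1
            continue
        fi
        actual=$(owner_of "$f")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $f ($actual)"
        else
            echo "MISMATCH $f is $actual, expected $expected"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_keyfiles.sh ivmgr:ivmgr /path/to/key.kdb /path/to/key.sth
if [ "$#" -ge 2 ]; then
    check_keyfiles "$@"
fi
```

A non-zero exit status means at least one file is missing or has an unexpected owner, which makes the script usable as a pre-upgrade gate.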

Product Alias/Synonym

ITAM ISAM SAM TAM

Document information

More support for: IBM Security Access Manager for Web
WebSEAL

Software version: 6.0

Operating system(s): Platform Independent

Reference #: 1606846

Modified date: 26 June 2014

